from the tertiary-liability dept

For quite some time now, we've been concerned about the continued expansion of "secondary liability" concepts, adding more and more liability for copyright infringement to parties who are often far removed from any actual infringement. There are two major concerns with this. First, putting liability on one party for the actions of another just seems generally problematic. But, perhaps more importantly, when you put potential liability on an unrelated party, the end result is almost always excessive policing in a manner that hinders or entirely blocks perfectly legitimate activity and speech.

That's why a recent court ruling in Germany is so problematic. It's the followup to an earlier ruling that found a domain registrar, Key-Systems, liable for actions done by the users of a torrent tracking site H33T. H33T just hosted the torrent (which, we should remind you, is not the actual infringing file), and some users used that tracker to torrent the album Blurred Lines. When H33T failed to respond to a takedown notice, Universal Music went after the registrar, and the court said it was Key-System's responsibility to stop the infringement. Of course, the only way for the registrar to do that is to yank the entire domain.

The case was appealed, but the appeals court upheld the lower court ruling. Even though the registrar pointed out (accurately) that it had no way of knowing if the torrent was actually infringing, the court said that the registrar was responsible for assuming it must be infringing once it had contacted the domain owners and not received a response. That's an interesting shifting of the burden of proof. The court also seems unconcerned that the only way the registrar can remedy the situation is to take everything down, saying that if the website didn't want this to happen it should have responded promptly to the takedown notices it had received.

Much of this seems to focus on assuming guilt unless one can prove innocence, and further believing that it's somehow "obvious" to recognize when someone is infringing on copyrights. As the Universal Music lawyer tells TorrentFreak in the link above, the company is quite excited about this new power, and will "have this in mind when looking at other domains."

from the what's-wrong-with-a-court-order? dept

It's not just the City of London Police demanding that websites be taken offline without any due process. It appears that the US Food & Drug Administration (FDA) is getting in on the game as well. The Wall Street Journal recently published a detailed article about how angry the FDA is with ICANN (there's also a corresponding blog post which may not face the same paywall restrictions) for not simply killing domains that the FDA deems "rogue pharmacies." That's not to say that there aren't reasonable concerns about rogue pharmacies. There are clearly some concerns about those sites, but it seems like there are better ways to deal with those than just barging in and saying that ICANN and registrars need to take down sites based solely on their say so.

In July, the FDA teamed with Interpol and dozens of countries to try to shut down more than 1,300 websites suspected of selling drugs without a prescription. Officials sent a list of all the websites, carrying names such as buyoxycontinonline.com and approvedonlinepharmacy.net, to the Chinese company that registered them. The company replied with a request for a court order and then sent a terse follow-up email: “It is not possible for us to take action.”

In frustration, officials turned to the Internet’s central administrator, an organization called the Internet Corp. for Assigned Names and Numbers, or Icann. Its contract with the registrar, BizCN.com, requires the company to investigate reports of illegal behavior.

But here's the thing. Everyone in the articles (including the reporters) seem to take it as perfectly reasonable that ICANN and/or these registrars should have just taken down these sites. No one points out that BizCN seemed to respond properly by asking for a court order. ICANN isn't in the business of censorship. It shouldn't be the one to determine if a site is an illegal pharmacy or not. There's a reason why we have due process and courts to adjudicate decisions like that. Putting the entire burden on registrars and/or ICANN to act as internet cops, ready to take down sites at a notification's notice seems tremendously problematic.

It's a recipe for censorship, stifling free speech and hindering innovation. And yet, that's what the FDA and others want:

Because of its central role, regulators and law-enforcement agencies around the world say Icann could be crucial to their crackdown on illicit Internet operators of all kinds.

Already, just in the online pharmacy space, we've seen how certain pharmaceutical companies like to conflate the small number of truly "rogue" pharmacies that sell either counterfeit drugs or real drugs without proper procedures, with perfectly safe and legal Canadian pharmacies that many Americans rely on for cheaper drugs. The big pharmaceutical companies would like to shut down that competition, even as American politicians have explored expanding the ability of US citizens to get their drugs from such pharmacies. And that's why it's reasonable to ask for an actual court order before taking down sites -- rather than just assuming that some bureaucrat at the FDA can accurately determine which sites are "good" and which are "bad," and then demand that registrars or ICANN automatically take action.

from the say-what? dept

This was mentioned briefly in our recent post about EasyDNS changing how it deals with online pharmacies, but it's still dealing with bizarre requests from the City of London Police. As we've been detailing, the City of London Police seem to think that (1) their job is to protect the business model of the legacy entertainment industry and (2) that they can do this globally, despite actually just representing one-square mile and (3) that they can do this entirely based on their own say so, rather than any actual court ruling. It started last year when the City of London Police started ordering registrars to transfer domains to the police based entirely on their say so, rather than any sort of due process/trial that found the sites guilty of violating a law. The police wanted the domains to point to sites that the legacy entertainment industry approved of, which makes you wonder why the police are working on behalf of one particular industry and acting as an ad campaign for them.

Speaking of advertising, the City of London Police's more recent tactic is inserting ridiculous and misleading banner ads on websites based on a secret blacklist that has no oversight and no due process or way to appeal. Such lists often include perfectly legitimate sites. But, I'm sure we can trust the City of London Police to get this right, given that the guy in charge of the City of London Police's Intellectual Property Crime Unit (PIPCU), Adrian Leppard, believes that "the Tor" is 90% of the internet and that "Bitnet" is a "huge risk and threat to our society."

We respectfully request that EASYDNS TECHNOLOGIES, INC. give consideration to your ongoing business relationship with the owners/purchasers of the domain to avoid any future accusations of knowingly facilitating the movement of criminal funds.

Should you require any clarification please do not hesitate to make contact.

As Jeftovic notes, the implication here is pretty clear. The City of London Police wants to "build a case" that EasyDNS is somehow responsible for aiding and abetting criminal activity.

Once again, we are being asked to do (something, we're actually not sure what this time) based entirely on an allegation which has never been tested in a court of law and has been afforded absolutely zero "due process". (The domain in question is a search engine that hosts no content).

[....]

We think this time the intent is not to actually get the domain name taken down, but rather to build some sort of "case" (I won't call it legal, perhaps the better word would be "kafka-esque") that we, easyDNS by mere "Receipt of this email" are now knowingly allowing domains under management to be "used to facilitate criminal activity".

Thus, if we don't takedown the domains PIPCU want us to, when they want us to, then we may face accusations in the future (in their own words) "of knowingly facilitating the movement of criminal funds."

Which of course, we don't know at all because there has never even been a court case anywhere to test the PIPCU allegations. I know I never went to law school or anything, but in my mind, until that happens, that is all they are – allegations.

And, of course, it's tough to see how the City of London Police have any jurisdiction at all over EasyDNS, a Canadian company. Jeftovic goes on to wonder if the City of London Police are actually defaming the websites they accuse in these notices. Of course, the problem is that these sites tend to be small and powerless. As we've seen with sites like Dajaz1 and Rojadirecta, even after they were taken down and businesses were destroyed for over a year before the Justice Department in the US simply dropped the cases and handed back the domain names, there was little those sites could do in response. Sure, they could have filed a lawsuit, but lawsuits are expensive, and a lawsuit for a tiny struggling website against the US government? That's just not likely to get anywhere productive.

What's extra troubling is how this tactic of targeting registrars for non-judicial censorship like this is becoming increasingly common -- and it's happening in countries like the US and the UK which claim to support basic principles of due process and are (supposedly) against prior restraint. When it comes to the City of London Police, they seem to be operating without any sort of controls or oversight, just making it up as they go along. Unfortunately, because they're "the police," it doesn't seem likely that anyone will get them to cut out this censorious and harassing activity.

from the that's-not-how-it-works dept

This is incredible. Just yesterday we wrote about how EasyDNS won its arbitration case, saying that a registrar cannot takedown and block the transfer of a domain name just on the say so of law enforcement or anyone else not carrying a court order. And, the very next day, EasyDNS is reporting on an absurd letter it has received from the National Association of Boards of Pharmacy, which argues exactly the opposite of what the arbitration panel told EasyDNS.

Incredibly, it says that if it complains about a domain, the registrar must take it down:

"Upon receipt of an abuse notification, some Registrars claim that a court order is required or that they are not violating the laws of the Registrar’s country. Both assertions are wrong."

Except, as EasyDNS points out, the arbitration ruling says that it's the NABP that's wrong, and that a court order is required. Similarly, the NABP claims that registrars must freeze the domains, even without a court order.

You should not allow domain names engaged in the illegal sale or distribution to transfer to another Registrar: the question of legality does not relate to where the Registrar is located, but rather to the activity of the Web site.

But, again, the arbitration ruling, which merely read from ICANN's own rules, says the exact opposite -- noting that you clearly need a court order

The NABP also tries the same direct misreading of ICANN's rules that Public Domain Registry used, to pretend that "fraud" is a reason to deny transfer, but as the arbitration ruling found, that claim is simply incorrect. The "fraud" referenced in the rules is only fraud concerning transfers not fraud in terms of what the website was used for.

There's much more in the letter as well. There is some history here. The NABP is basically an organization designed to artificially inflate the price of drugs in the US, cynically using highly questionable claims to pretend that they're focused on "public safety." For years, the NABP has worked hard to keep legitimate but cheaper versions of drugs outside the US, so that US pharmacies (and the drug companies they work with) can charge increasingly insane prices for drugs. Because they can use the specter of "fake drugs killing people!" they're able to do all sorts of nasty attacks on foreign pharmacies that are selling perfectly legitimate drugs to willing buyers, by claiming that they put people's lives at risk.

And, now, it appears they're going even further in trying to basically create a "SOPA-like" setup, whereby registrars are required to pull down any domain based solely on NABP's say so without any judicial review at all. The fact that this is happening at the same time that City of London Police are doing the same exact thing (at the urging of the legacy music/movie industries) isn't an accident. While the supporters of SOPA insist that there's no new legislation coming, they're all trying to do an end run around all of it, creating something that's even more extreme than SOPA by getting registrars to simply kill sites they don't like based on nothing but a complaint.

EasyDNS's Mark Jeftovic says it all in his blog post about it, noting that this is why they fought back against COICA/SOPA/PIPA:

It really is getting creepy out there.

We now know that we live in a total surveillance society, governments are printing money, going broke, manufacturing consent and lying about nearly everything; while quasi-governmental agencies all over the world are now asserting they have the authority to overturn legal process and basically dictate everybody else's business.

Who will be the next batch of clowns who tell us they can use liberally interpreted language in a couple of agreements that they aren't even party to to compel us to takedown your website? Let's start a betting pool.

This is why pushing back and standing up for internet freedom is so important. The attempts to control, to censor, to block and to silence are only increasing. The legacy players who can't stand competition or innovation are looking for any way to hold back the future, and that means attacking the public's ability to make use of the internet and to speak freely.

from the not-how-it-works dept

We recently wrote about the City of London Police ordering various registrars to shut down a list of websites based on the City of London Police themselves deciding they must be illegal. That is, without a court order or any judicial oversight, the police just decided the sites were illegal and needed to be taken offline. On top of that, the police force's new "IP Crime Unit" threatened registrars that if they didn't obey, then they might lose their accreditation from ICANN. This was based on a total misreading of both copyright law and ICANN's rules.

In fact, Mark Jeftovic, the head of EasyDNS, the one registrar that appears to have both refused the City of London Police's demand and also spoken out publicly about this terrible attack on due process, is now noting that all of the other registrars who complied with the orders are almost certainly in violation of ICANN's policiesbecause they obeyed the police. The main issue is that part of the demand from the police was that the registrar not only redirect the site to a propaganda page, but that it also "freeze the whois record" to block any further changes.

But, as Jeftovic points out, ICANN has very specific rules about these things, and because some random police force demands it is not an approved reason to do such a thing:

Since there were no charges against any of the domains and no court orders, it may be at the registrars' discretion to play ball with these ridiculous demands. However – what they clearly cannot do now, is prevent any of those domain holders from simply transferring out their names to more clueful, less wimpy registrars.

Section 3, Obligations of The Registrar of Record clearly spells out the reasons why a registrar may deny a transfer-out request, and they are limited specifically to cases of fraud (the domain was paid for fraudulently), a UDRP proceeding or, hey, get this one "Court order by a court of competent jurisdiction", as well as some administrative reasons (like the domain was registered less than 60 days ago).

What is conspicuously absent from the list of reasons why a registrar that actually complied with this lunacy can now deny a transfer-out request is "because some guy sent you an email telling you to lock it down".

Jeftovic further notes that the registrars who folded upon receiving the police threat have now opened themselves up to significant liability problems, because the sites that got taken down can respond via the Transfer Dispute Resolution Policy (TDRP), which could mean that the registrars will have to pay "substantial" fees for blocking the transfer without a valid basis.

It certainly would be interesting to see the full list of sites the City of London Police decided to censor, as well as who the various registrars are, and how they reacted. While such a list doesn't appear to be out yet, I imagine it's only a matter of time.

While Espinel has certainly been a lot more open to talking with those of us concerned about the state of intellectual property laws (and has actually seemed quite willing to pay attention to what we're saying -- which I appreciate), these kinds of meetings appear quite troubling. I understand why the meetings are focused on so-called "illegal pharmacies," because then everyone supporting these actions can hide behind the claim of "protecting Americans from dangerous fake drugs." But the truth is that while some online pharmacies are quite questionable, many are simply "gray market" attempts to import drugs to the US from elsewhere where the identical drugs are sold for much less. In a global economy, that should be allowed. In fact, one could argue that keeping drugs artificially expensive in the US does a lot more harm to Americans than the chance of them getting a fake pill.

On top of that, it seems out of line for the US government to be involved in pressuring these companies, whether they're ISPs, domain registrars, payment processors or ICANN itself, to "voluntarily" block websites without a trial or due process. Yes, I can recognize that there can be legitimate health concerns with some of these websites, but those are better dealt with elsewhere. If a company is selling fake or harmful drugs, then laws within that country should be able to deal with it. If there are concerns about such drugs getting across the border, then it seems like a matter for border control. Asking internet companies to act as de facto "voluntary" censors seems like a big step too far.

And, of course, if it starts with such gray market pharmacies, you can only imagine how long it will take until the RIAA/MPAA/etc. come calling for the same sort of "voluntary cooperation" from the same companies for sites "dedicated to infringing activities," potentially killing off all sorts of innovation, before the market has a chance to adapt. When world wide web inventor Tim Berners-Lee and tons of other internet luminaries have come out against COICA, shouldn't the White House be a bit more careful before trying to get various internet players to voluntarily do the same thing with even less due process?

from the a-thousand-times-no dept

Michael Scott points us to an article at CircleID that appears to be little more than a disguised press release for a company pitching "brand protection service," suggesting that registrars and ISPs need to crack down on illegal online pharmacies and drug trafficking or face legal consequences. While the analysis is correct that trademark violations are a loophole not protected by CDA section 230 safe harbors, that doesn't necessarily mean that a registrar or ISP is automatically liable for hosting such a site. The whole point of section 230 is to make sure that liability is properly placed on the user, rather than the service/tool provider. That should stand even without section 230 protections. You can't just blame a third party because they're easier to find. The article seems to imply that if anyone complains about a trademark in a domain name, registrars and ISPs should automatically shut down that site -- but that would create serious problems. The real issue here is a serious loophole in safe harbor protections when it comes to trademarks. The answer shouldn't be a moral panic for registrars and ISPs, but to close the loophole and harmonize the various safe harbor provisions.

from the let's-explain-how-this-works dept

It would appear that the lawyers at diamond conglomerate De Beers are unaware of the Streisand Effect. As you might have heard, a week after the US Presidential election, some prankster put out a spoofed version of a future New York Times. It got plenty of attention for a few days and then people moved on. Well, apparently not everyone. De Beers is upset that the online version of the spoof contained a fake De Beers ad. Rather than recognize that this was a spoof (ha ha) that everyone had pretty much forgotten about, the company had its lawyers send off a threat letter. However, rather than target the creators of the spoof, or even the hosting firm, De Beers threatened the registrar who handled the domain registration for the site, demanding that it take down the site or face a trademark infringement lawsuit.

Of course, as the EFF notes at the above link, intermediaries (third party service providers) are clearly well protected against liability for the actions of their users in the US. And, of course, there's the whole issue of parodies being protected from infringement suits. However, even more ridiculous is the fact that De Beers is now calling more attention to the ad. The spoof of the entire newspaper did get some attention, but that attention quickly waned, and it's unlikely that too many people paid attention to the spoof banner ad on a spoof website for the NY Times. I hadn't even heard about the ads. Almost all of the attention was on the spoof stories. Yet, now that De Beers is threatening to sue, a lot more folks are going to know about and see the ad. How is that possibly a smart move on the part of De Beers?

from the catch-me-if-you-can.com dept

Hearing stories about cybersquatters taking domains that are confusingly similar to corporate names is nothing new, but a new lawsuit from Dell shows just how far some firms are taking the practice. Dell has sued a group of registrars claiming that they're really a series of shell companies designed to sit on various squatted domains for free. It's no secret that a common practice among domain squatters is to register a domain and put ads on it for a few days to see if it drives any revenue -- and if it doesn't to return the domain within the grace period. We had always heard of this practice as being called "domain kiting," but Dell refers to it (more aptly) as "domain tasting" in its lawsuit. However, what's interesting here is that they're accusing one company of setting up a long series of shell corporations to keep registering the same domain name over and over again -- getting the benefit of the traffic without ever having to pay for the domain name. For example, Dell notes that one company registered "dellfinacncialservices.com" and used it for 5 days (the limit you can go without paying) before abandoning it. However, as soon as it was abandoned, another firm picked up, used it for 5 days and then abandoned it again, only to see another firm immediately pick it up. Basically, they trace a pretty compelling pattern to suggest that this was a coordinated effort, potentially by a single company.

The other interesting part about the lawsuit is that rather than focusing on standard laws having to do with cybersquatting, Dell has gone a step further and is claiming that registering domain names with the Dell name in them is akin to "counterfeiting." That seems like quite a stretch -- and even the legal expert quoted in the article seems to think it's a long shot for Dell to make that argument. If they win on this argument, then it could spell a lot of trouble for people who happen to own domain names that are similar to the names of large corporations. For many years, we've covered the fight between Nissan (the automaker) and Uzi Nissan, the guy who owns Nissan.com (this story is getting some more attention this week, thanks to a Freakonomics post, but the story itself has dragged on for years). Presumably, if Dell wins their case, then Nissan could turn around and accuse Nissan.com of "counterfeiting" and have a pretty strong precedent to back it up.